3.4 Java API Login with Security Policies

When OWSM security policies are applied to the I/PM web service, Java API code must use the WsmUserToken class to login rather than the BasicUserToken class. The WsmUserToken class is helper class for configuring OWSM client side security polices, including a set of static constants for setting the correct client side policy. Depending on the policy being used, addition configuration setting may be required as well. Refer to OWSM document for complete details on the meaning of the various configuration options.

The following example code fragments demonstrate possible usages of the WsmUserToken class for various policy types.

Example 3-1 WsmUserToken Class for Various Policy Types

WsmUserToken userToken = new WsmUserToken ("weblogic", "weblogic");
userToken.setClientPolicy(WsmUserToken.USERNAME_TOKEN_POLICY);
ServicesFactory.login(userToken,  wsurl);

WsmUserToken userToken = new WsmUserToken ("weblogic");
userToken.setClientPolicy(WsmUserToken.SAML_TOKEN_POLICY);

WssUserToken userToken = new WssUserToken ();
userToken.setUserName("weblogic");
userToken.setClientPolicy(WsmUserToken.SAML_TOKEN_MP_POLICY);
userToken.setKeystore(".\\config\\default-keystore.jks", "JKS", "welcome");
userToken.getSecurityParameters().put(SecurityConstants.ClientConstants.WSS_ENC_KEY_ALIAS, "orakey");
userToken.getSecurityParameters().put(SecurityConstants.ClientConstants.WSS_ENC_KEY_PASSWORD, "welcome");
userToken.getSecurityParameters().put(SecurityConstants.ClientConstants.WSS_SIG_KEY_ALIAS, "orakey");
userToken.getSecurityParameters().put(SecurityConstants.ClientConstants.WSS_SIG_KEY_PASSWORD, "welcome");